Difference between revisions of "Kismet"
From Forensics Wiki
(New page: {{Infobox_Software | name = Kismet | maintainer = Mike Kershaw | os = {{Linux}} | genre = Wireless forensics | license = {{GPL}} | website = [http://www.kismetwireless.net/ www...) |
m |
||
| Line 8: | Line 8: | ||
}} | }} | ||
| − | '''Kismet''' is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. | + | '''Kismet''' is an 802.11 layer2 wireless network detector, [[sniffer]], and intrusion detection system. |
== Overview == | == Overview == | ||
Latest revision as of 14:19, 24 September 2008
| Kismet | |
|---|---|
| Maintainer: | Mike Kershaw |
| OS: | Linux |
| Genre: | Wireless forensics |
| License: | GPL |
| Website: | www.kismetwireless.net |
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
Overview
- Wireshark/Tcpdump compatible data logging;
- Airsnort compatible weak-iv packet logging;
- Network IP range detection;
- Built-in channel hopping and multicard split channel hopping;
- Hidden network SSID decloaking;
- Graphical mapping of networks;
- Client/server architecture allows multiple clients to view a single Kismet server simultaneously;
- Manufacturer and model identification of access points and clients;
- Detection of known default access point configurations;
- Runtime decoding of WEP packets for known networks;
- Named pipe output for integration with other tools, such as a layer3 IDS like Snort;
- Multiplexing of multiple simultaneous capture sources on a single Kismet instance;
- Distributed remote drone sniffing;
- XML output;
- Over 20 supported card types.
Intrusion Detection
Kismet will detect the following events:
- Active network scanning (NetStumbler, PocketStumbler, etc.);
- SSID brute force attempts;
- Broadcast disconnect/deauthenticate attacks;
- Deauthenticate/disassociate flood;
- Fake APs (new AP on another channel, invalid BSS timestamps);
- Many DoS attacks (zero-length SSID, over-long SSID, etc.).
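
Several of the events listed above (over-long SSID, zero-length SSID, broadcast disconnect, disconnect flood) can be recognized from the 802.11 management header and the SSID element alone. The following is an added example, not Kismet's code: the function names, alert labels, flood threshold, and the choice to flag zero-length SSIDs only in probe responses are assumptions, and the sample frames are constructed.

```python
from collections import Counter

BROADCAST = b"\xff" * 6
MAX_SSID_LEN = 32      # 802.11 limit for the SSID element (tag 0)
FLOOD_THRESHOLD = 10   # assumed cutoff: disconnect frames per source per batch

def declared_ssid_len(tagged):
    """Walk the tagged parameters; return the SSID element's length byte."""
    pos = 0
    while pos + 2 <= len(tagged):
        tag, length = tagged[pos], tagged[pos + 1]
        if tag == 0:
            return length
        pos += 2 + length
    return None

def inspect(frames):  # frames: raw 802.11 frames, no radiotap header or FCS
    alerts, disconnects = [], Counter()
    for i, f in enumerate(frames):
        if len(f) < 24 or (f[0] >> 2) & 0x3 != 0:  # truncated or not management
            continue
        subtype, dst, src = f[0] >> 4, f[4:10], f[10:16]
        if subtype in (5, 8):                      # probe response, beacon
            n = declared_ssid_len(f[36:])          # 24-byte header + 12 fixed bytes
            if n is not None and n > MAX_SSID_LEN:
                alerts.append(("over-long-ssid", i))
            elif n == 0 and subtype == 5:          # hidden beacons use length 0
                alerts.append(("zero-length-ssid", i))
        elif subtype in (10, 12):                  # disassociate, deauthenticate
            disconnects[src] += 1
            if dst == BROADCAST:
                alerts.append(("broadcast-disconnect", i))
    for src, count in disconnects.items():
        if count >= FLOOD_THRESHOLD:
            alerts.append(("disconnect-flood", src.hex(":")))
    return alerts

# Constructed sample frames (not captured traffic).
def mgmt(subtype, dst, src, body):
    return bytes([subtype << 4, 0, 0, 0]) + dst + src + src + b"\x00\x00" + body

def ssid_body(ssid):
    return b"\x00" * 12 + bytes([0, len(ssid)]) + ssid

AP, STA, ODD = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "020000000003"))
SAMPLE = [mgmt(8, BROADCAST, AP, ssid_body(b"lab")), mgmt(8, BROADCAST, ODD, ssid_body(b"A" * 40)),
          mgmt(5, STA, ODD, ssid_body(b"")), mgmt(12, BROADCAST, ODD, b"\x07\x00"),
          ] + [mgmt(12, STA, AP, b"\x07\x00")] * 10

if __name__ == "__main__":
    print(*inspect(SAMPLE), sep="\n")
```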